Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
References
Link | Resource |
---|---|
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
https://www.us-cert.gov/ics/advisories/icsa-20-072-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
16 May 2023, 20:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:abb:asset_suite:9.6.0:*:*:*:*:*:*:* |
cpe:2.3:a:hitachienergy:asset_suite:*:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:asset_suite:9.6.0:*:*:*:*:*:*:* |
01 Jan 2022, 19:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.us-cert.gov/ics/advisories/icsa-20-072-02 - Third Party Advisory, US Government Resource |
Information
Published : 2020-02-17 19:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-18998
Mitre link : CVE-2019-18998
CVE.ORG link : CVE-2019-18998
JSON object : View
Products Affected
hitachienergy
- asset_suite